CISA Nearing Completion of Zero Trust Architecture Guidance
John Simms, deputy branch chief of CISA’s Cybersecurity Assurance Branch, said during an ATARC panel event that a shift away from a network-centric approach to cybersecurity and visibility is necessary. He said the documents and other efforts the cybersecurity agency is undertaking will help agencies adopt a more data-centric approach to security.
Since the start of September, CISA and the Office of Management and Budget have rolled out the draft zero trust strategy, the draft cloud security technical reference architecture and the draft zero trust maturity model. According to Simms, the guidelines were created after President Joe Biden signed an executive order that focused on cybersecurity. The EO required CISA to change expectations for zero trust architecture and the services the agency provides to emphasize the concepts of zero trust at the application and data layers, Federal News Network reported.
The CISA official said the organization focused on how zero trust architecture would work with the National Institute of Standards and Technology’s Special Publication 800-53, which covers security and privacy controls for information systems and organizations. According to Simms, there is a significant difference between CISA’s view of the cybersecurity architecture and how inspectors general would assess agencies on their cybersecurity implementations.
The Department of Homeland Security component is also working with the Federal Chief Information Officer Council, NIST and the Council of IG on Integrity and Efficiency on the relationship between zero trust and SP 800-53. CISA will also use the Continuous Diagnostics and Mitigation Program to help agencies achieve zero trust.